Debian Wordpress vulnerabilities

CVE-2022-43500 [MEDIUM] CVE-2022-43500: wordpress - Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a... Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. Scope: local bookworm: resolved (fixed in 6.0.3+dfsg1-1) bullseye: resolved (fixed in 5.7.8+dfsg1-0+deb11u1) forky: resolved (fixed in 6.0.3+df

CVE-2022-3590 [MEDIUM] CVE-2022-3590: wordpress - WordPress is affected by an unauthenticated blind SSRF in the pingback feature. ... WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2022-43504 [MEDIUM] CVE-2022-43504: wordpress - Improper authentication vulnerability in WordPress versions prior to 6.0.3 allow... Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7. Scope: local bookworm: resolved (fixed in 6.0.3+dfsg1-1) bullseye: res

CVE-2022-43497 [MEDIUM] CVE-2022-43497: wordpress - Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a... Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7. Scope: local bookworm: resolved (fixed in 6.0.3+dfsg1-1) bullseye: resolved (fixed in 5.7.8+dfsg1-0+deb11u1) forky: resolved (fixed in 6.0.3+df

CVE-2022-4973 [MEDIUM] CVE-2022-4973: wordpress - WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored C... WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors making it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on

CVE-2021-29476 [CRITICAL] CVE-2021-29476: wordpress - Requests is a HTTP library written in PHP. Requests mishandles deserialization i... Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolved (fixed in 5.5.3+dfsg1-1) forky: resolved (fixed in 5.5.3+dfsg1-1) sid: resolved

CVE-2021-39201 [HIGH] CVE-2021-39201: wordpress - WordPress is a free and open-source content management system written in PHP and... WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. ### Impact The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. ### Patches T

CVE-2021-44223 [HIGH] CVE-2021-44223: wordpress - WordPress before 5.8 lacks support for the Update URI plugin header. This makes ... WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. Scope: local bookwo

CVE-2021-29450 [MEDIUM] CVE-2021-29450: wordpress - Wordpress is an open source CMS. One of the blocks in the WordPress editor can b... Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to re

CVE-2021-39200 [MEDIUM] CVE-2021-39200: wordpress - WordPress is a free and open-source content management system written in PHP and... WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with

CVE-2021-29447 [HIGH] CVE-2021-29447: wordpress - Wordpress is an open source CMS. A user with the ability to upload files (like a... Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affect

CVE-2021-39202 [HIGH] CVE-2021-39202: wordpress - WordPress is a free and open-source content management system written in PHP and... WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only p

CVE-2021-39203 [MEDIUM] CVE-2021-39203: wordpress - WordPress is a free and open-source content management system written in PHP and... WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This affected WordPress 5.8 beta during the testing period. It's fixed in

CVE-2020-28035 [CRITICAL] CVE-2020-28035: wordpress - WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolved (fixed in 5.5.3+dfsg1-1) forky: resolved (fixed in 5.5.3+dfsg1-1) sid: resolved (fixed in 5.5.3+dfsg1-1) trixie: resolved (fixed in 5.5.3+dfsg1-1)

CVE-2020-28039 [CRITICAL] CVE-2020-28039: wordpress - is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbit... is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolved (fixed in 5.5.3+dfsg1-1) forky: resolved (fixed in 5.5.3+dfsg1-1) sid: resolved (fixed in 5.5.3+dfsg1-1)

CVE-2020-28036 [CRITICAL] CVE-2020-28036: wordpress - wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attacker... wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolved (fixed in 5.5.3+dfsg1-1) forky: resolved (fixed in 5.5.3+dfsg1-1) sid: resolved (fixed in 5.5.3+dfsg1-1) trixie: resolved (fixed in 5.5.3+dfsg1-1)

CVE-2020-28032 [CRITICAL] CVE-2020-28032: wordpress - WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Reques... WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolved (fixed in 5.5.3+dfsg1-1) forky: resolved (fixed in 5.5.3+dfsg1-1) sid: resolved (fixed in 5.5.3+dfsg1-1) trixie: resolved (fixed in 5.5.3+dfsg1-1)

CVE-2020-28037 [CRITICAL] CVE-2020-28037: wordpress - is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 imprope... is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolve

CVE-2020-28033 [HIGH] CVE-2020-28033: wordpress - WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite netw... WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. Scope: local bookworm: resolved (fixed in 5.5.3+dfsg1-1) bullseye: resolved (fixed in 5.5.3+dfsg1-1) forky: resolved (fixed in 5.5.3+dfsg1-1) sid: resolved (fixed in 5.5.3+dfsg1-1) trixie: resolved (fixed in 5.5.3+dfsg1-1)

CVE-2020-11026 [HIGH] CVE-2020-11026: wordpress - In affected versions of WordPress, files with a specially crafted name when uplo... In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9,